[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2021-23358":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-04T20:55:29.923Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":62,"aliases":84,"duplicate_of":9,"upstream":86,"downstream":87,"duplicates":110,"related":111,"reserved_at":9,"published_at":115,"modified_at":116,"state":117,"summary":118,"references_raw":126,"kevs":278,"epss":279,"epss_history":282,"metrics":541,"affected":563},"CVE-2021-23358","The package underscore from 1.13.0-0 and before 1.13.0-2, from 1.3.2 and before 1.12.1 are vulnerable to Arbitrary Code Injection via the template function, particularly when a variable property is passed as an argument as it is not sanitized.",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":18,"capec":19},"CWE-94","Improper Control of Generation of Code ('Code Injection')","The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.","weakness","Draft","Base","Medium",[20,24,58],{"id":21,"name":22,"techniques":23},"CAPEC-242","Code Injection",[],{"id":25,"name":26,"techniques":27},"CAPEC-35","Leverage Executable Code in Non-Executable Files",[28,39,46],{"id":29,"name":30,"tactics":31,"countermeasures":38},"T1027.006","HTML Smuggling",[32,35],{"id":33,"name":34},"TA0030","Defense Evasion",{"id":36,"name":37},"TA0005","Stealth",[],{"id":40,"name":41,"tactics":42,"countermeasures":45},"T1027.009","Embedded Payloads",[43,44],{"id":33,"name":34},{"id":36,"name":37},[],{"id":47,"name":48,"tactics":49,"countermeasures":52},"T1564.009","Resource Forking",[50,51],{"id":33,"name":34},{"id":36,"name":37},[53],{"id":54,"name":55,"tactic":56},"D3-FFV","File Format Verification",{"name":57},"Isolate",{"id":59,"name":60,"techniques":61},"CAPEC-77","Manipulating User-Controlled Variables",[],[63,72,76,80],{"_key":64,"name":65,"source":66,"url":67,"maturity":68,"reliability_score":69,"verified":70,"type":9,"platforms":71,"requires_auth":9,"exploitdb":9,"metasploit":9},"REF_4BF004D7CAC74B60","Exploit Reference (snyk.io)","reference","https://snyk.io/vuln/SNYK-JS-UNDERSCORE-1080984","unknown",0.2,false,[],{"_key":73,"name":65,"source":66,"url":74,"maturity":68,"reliability_score":69,"verified":70,"type":9,"platforms":75,"requires_auth":9,"exploitdb":9,"metasploit":9},"REF_C41CFC622D4349FC","https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1081503",[],{"_key":77,"name":65,"source":66,"url":78,"maturity":68,"reliability_score":69,"verified":70,"type":9,"platforms":79,"requires_auth":9,"exploitdb":9,"metasploit":9},"REF_85C9BB68978807D5","https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-1081504",[],{"_key":81,"name":65,"source":66,"url":82,"maturity":68,"reliability_score":69,"verified":70,"type":9,"platforms":83,"requires_auth":9,"exploitdb":9,"metasploit":9},"REF_72555C4429720CDA","https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBJASHKENAS-1081505",[],[85],"GHSA-cf4h-3jhx-xvhq",[],[88,90,92,94,96,98,100,102,104,106,108],{"_key":89},"UBUNTU-CVE-2021-23358",{"_key":91},"USN-4913-1",{"_key":93},"OPENSUSE-SU-2021:0601-1",{"_key":95},"OPENSUSE-SU-2024:11095-1",{"_key":97},"DLA-2613-1",{"_key":99},"DSA-4883-1",{"_key":101},"MGASA-2021-0269",{"_key":103},"RHSA-2021:2865",{"_key":105},"DEBIAN-CVE-2021-23358",{"_key":107},"RHSA-2022:6393",{"_key":109},"RHSA-2026:2769",[],[112,113,114],{"_key":93},{"_key":95},{"_key":101},"2021-03-29T13:15:34.770Z","2025-11-03T21:44:35.654Z","Modified",{"cisa_kev":70,"cisa_ransomware":70,"cisa_vendor":9,"epss_severity":119,"epss_score":120,"severity":121,"severity_score":122,"severity_version":123,"severity_source":124,"severity_vector":125,"severity_status":117},"low",0.01452,"high",7.2,"v3.1","nvd","CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",[127,136,139,142,145,150,156,162,166,170,174,178,182,187,192,196,200,204,208,213,217,221,225,229,233,237,241,245,249,253,257,261,265,269,273],{"url":67,"sources":128,"tags":131},[129,124,130],"cve.org","osv_npm",[132,133,134,135],"X Refsource MISC","Exploit","Third Party Advisory","WEB",{"url":74,"sources":137,"tags":138},[129,124,130],[132,133,134,135],{"url":78,"sources":140,"tags":141},[129,124,130],[132,133,134,135],{"url":82,"sources":143,"tags":144},[129,124,130],[132,133,134,135],{"url":146,"sources":147,"tags":148},"https://github.com/jashkenas/underscore/blob/master/modules/template.js%23L71",[129,124,130],[132,149,135],"Broken Link",{"url":151,"sources":152,"tags":153},"https://lists.debian.org/debian-lts-announce/2021/03/msg00038.html",[129,124,130],[154,155,134,135],"Mailing List","X Refsource MLIST",{"url":157,"sources":158,"tags":159},"https://www.debian.org/security/2021/dsa-4883",[129,124,130],[160,161,134,135],"Vendor Advisory","X Refsource DEBIAN",{"url":163,"sources":164,"tags":165},"https://lists.apache.org/thread.html/re69ee408b3983b43e9c4a82a9a17cbbf8681bb91a4b61b46f365aeaf%40%3Cissues.cordova.apache.org%3E",[129,124,130],[154,155,135],{"url":167,"sources":168,"tags":169},"https://lists.apache.org/thread.html/r5df90c46f7000c4aab246e947f62361ecfb849c5a553dcdb0ef545e1%40%3Cissues.cordova.apache.org%3E",[129,124,130],[154,155,135],{"url":171,"sources":172,"tags":173},"https://lists.apache.org/thread.html/raae088abdfa4fbd84e1d19d7a7ffe52bf8e426b83e6599ea9a734dba%40%3Cissues.cordova.apache.org%3E",[129,124,130],[154,155,135],{"url":175,"sources":176,"tags":177},"https://lists.apache.org/thread.html/rbc84926bacd377503a3f5c37b923c1931f9d343754488d94e6f08039%40%3Cissues.cordova.apache.org%3E",[129,124,130],[154,155,135],{"url":179,"sources":180,"tags":181},"https://lists.apache.org/thread.html/r770f910653772317b117ab4472b0a32c266ee4abbafda28b8a6f9306%40%3Cissues.cordova.apache.org%3E",[129,124,130],[154,155,135],{"url":183,"sources":184,"tags":185},"https://www.tenable.com/security/tns-2021-14",[129,124,130],[186,134,135],"X Refsource CONFIRM",{"url":188,"sources":189,"tags":190},"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EOKATXXETD2PF3OR36Q5PD2VSVAR6J5Z/",[129,124],[160,191],"X Refsource FEDORA",{"url":193,"sources":194,"tags":195},"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FGEE7U4Z655A2MK5EW4UQQZ7B64XJWBV/",[129,124],[160,191],{"url":197,"sources":198,"tags":199},"https://security.netapp.com/advisory/ntap-20240808-0003/",[129,124],[],{"url":201,"sources":202,"tags":203},"http://seclists.org/fulldisclosure/2025/Apr/14",[129,124,130],[135],{"url":205,"sources":206,"tags":207},"https://security.netapp.com/advisory/ntap-20241108-0002/",[129,124],[],{"url":209,"sources":210,"tags":211},"https://nvd.nist.gov/vuln/detail/CVE-2021-23358",[130],[212],"Advisory",{"url":214,"sources":215,"tags":216},"https://github.com/jashkenas/underscore/pull/2917",[130],[135],{"url":218,"sources":219,"tags":220},"https://github.com/jashkenas/underscore/commit/4c73526d43838ad6ab43a6134728776632adeb66",[130],[135],{"url":222,"sources":223,"tags":224},"https://www.npmjs.com/package/underscore",[130],[135],{"url":226,"sources":227,"tags":228},"https://security.netapp.com/advisory/ntap-20241108-0002",[130],[135],{"url":230,"sources":231,"tags":232},"https://security.netapp.com/advisory/ntap-20240808-0003",[130],[135],{"url":234,"sources":235,"tags":236},"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FGEE7U4Z655A2MK5EW4UQQZ7B64XJWBV",[130],[135],{"url":238,"sources":239,"tags":240},"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EOKATXXETD2PF3OR36Q5PD2VSVAR6J5Z",[130],[135],{"url":242,"sources":243,"tags":244},"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FGEE7U4Z655A2MK5EW4UQQZ7B64XJWBV",[130],[135],{"url":246,"sources":247,"tags":248},"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EOKATXXETD2PF3OR36Q5PD2VSVAR6J5Z",[130],[135],{"url":250,"sources":251,"tags":252},"https://lists.apache.org/thread.html/re69ee408b3983b43e9c4a82a9a17cbbf8681bb91a4b61b46f365aeaf@%3Cissues.cordova.apache.org%3E",[130],[135],{"url":254,"sources":255,"tags":256},"https://lists.apache.org/thread.html/rbc84926bacd377503a3f5c37b923c1931f9d343754488d94e6f08039@%3Cissues.cordova.apache.org%3E",[130],[135],{"url":258,"sources":259,"tags":260},"https://lists.apache.org/thread.html/raae088abdfa4fbd84e1d19d7a7ffe52bf8e426b83e6599ea9a734dba@%3Cissues.cordova.apache.org%3E",[130],[135],{"url":262,"sources":263,"tags":264},"https://lists.apache.org/thread.html/r770f910653772317b117ab4472b0a32c266ee4abbafda28b8a6f9306@%3Cissues.cordova.apache.org%3E",[130],[135],{"url":266,"sources":267,"tags":268},"https://lists.apache.org/thread.html/r5df90c46f7000c4aab246e947f62361ecfb849c5a553dcdb0ef545e1@%3Cissues.cordova.apache.org%3E",[130],[135],{"url":270,"sources":271,"tags":272},"https://github.com/jashkenas/underscore/releases/tag/1.12.1",[130],[135],{"url":274,"sources":275,"tags":276},"https://github.com/jashkenas/underscore",[130],[277],"PACKAGE",[],{"date":280,"score":120,"percentile":281},"2026-06-04",0.81138,[283,287,290,293,296,299,302,305,308,311,314,317,320,322,325,329,332,335,338,341,344,346,349,352,355,357,359,361,365,368,371,374,377,380,383,386,389,392,395,398,401,403,405,408,411,414,417,420,423,426,429,432,435,438,442,445,448,451,454,457,460,463,466,469,472,474,477,480,482,485,488,490,493,495,498,501,504,506,509,511,514,517,520,523,525,528,531,533,535,538],{"date":284,"score":285,"percentile":286},"2025-11-04",0.01433,0.80027,{"date":288,"score":285,"percentile":289},"2025-11-05",0.80029,{"date":291,"score":285,"percentile":292},"2025-11-06",0.80033,{"date":294,"score":285,"percentile":295},"2025-11-07",0.80045,{"date":297,"score":285,"percentile":298},"2025-11-08",0.80051,{"date":300,"score":285,"percentile":301},"2025-11-09",0.80048,{"date":303,"score":285,"percentile":304},"2025-11-10",0.80043,{"date":306,"score":285,"percentile":307},"2025-11-11",0.80047,{"date":309,"score":285,"percentile":310},"2025-11-12",0.80062,{"date":312,"score":285,"percentile":313},"2025-11-13",0.80068,{"date":315,"score":285,"percentile":316},"2025-11-14",0.80075,{"date":318,"score":285,"percentile":319},"2025-11-15",0.80074,{"date":321,"score":285,"percentile":319},"2025-11-16",{"date":323,"score":285,"percentile":324},"2025-11-17",0.80073,{"date":326,"score":327,"percentile":328},"2025-11-18",0.06392,0.9008,{"date":330,"score":327,"percentile":331},"2025-11-19",0.90084,{"date":333,"score":327,"percentile":334},"2025-11-20",0.90087,{"date":336,"score":285,"percentile":337},"2025-11-21",0.80091,{"date":339,"score":285,"percentile":340},"2025-11-22",0.80095,{"date":342,"score":285,"percentile":343},"2025-11-23",0.80087,{"date":345,"score":285,"percentile":343},"2025-11-24",{"date":347,"score":285,"percentile":348},"2025-11-25",0.80089,{"date":350,"score":285,"percentile":351},"2025-11-26",0.8009,{"date":353,"score":285,"percentile":354},"2025-11-27",0.80094,{"date":356,"score":285,"percentile":343},"2025-11-28",{"date":358,"score":285,"percentile":351},"2025-11-29",{"date":360,"score":285,"percentile":337},"2025-11-30",{"date":362,"score":363,"percentile":364},"2025-12-01",0.01165,0.781,{"date":366,"score":363,"percentile":367},"2025-12-02",0.78109,{"date":369,"score":363,"percentile":370},"2025-12-03",0.78105,{"date":372,"score":285,"percentile":373},"2025-12-04",0.80096,{"date":375,"score":285,"percentile":376},"2025-12-05",0.80102,{"date":378,"score":285,"percentile":379},"2025-12-06",0.80105,{"date":381,"score":285,"percentile":382},"2025-12-07",0.80107,{"date":384,"score":285,"percentile":385},"2025-12-08",0.80112,{"date":387,"score":285,"percentile":388},"2025-12-09",0.80127,{"date":390,"score":285,"percentile":391},"2025-12-10",0.80151,{"date":393,"score":285,"percentile":394},"2025-12-11",0.80162,{"date":396,"score":285,"percentile":397},"2025-12-12",0.80181,{"date":399,"score":285,"percentile":400},"2025-12-13",0.8018,{"date":402,"score":285,"percentile":400},"2025-12-14",{"date":404,"score":285,"percentile":400},"2025-12-15",{"date":406,"score":285,"percentile":407},"2025-12-16",0.80191,{"date":409,"score":285,"percentile":410},"2025-12-17",0.80199,{"date":412,"score":285,"percentile":413},"2025-12-18",0.80217,{"date":415,"score":285,"percentile":416},"2025-12-19",0.80228,{"date":418,"score":285,"percentile":419},"2025-12-20",0.80221,{"date":421,"score":285,"percentile":422},"2025-12-21",0.80214,{"date":424,"score":285,"percentile":425},"2025-12-22",0.80212,{"date":427,"score":285,"percentile":428},"2025-12-23",0.80213,{"date":430,"score":285,"percentile":431},"2025-12-24",0.8023,{"date":433,"score":285,"percentile":434},"2025-12-25",0.8025,{"date":436,"score":285,"percentile":437},"2025-12-26",0.80248,{"date":439,"score":440,"percentile":441},"2025-12-27",0.01208,0.78563,{"date":443,"score":285,"percentile":444},"2025-12-28",0.80237,{"date":446,"score":285,"percentile":447},"2025-12-29",0.80236,{"date":449,"score":285,"percentile":450},"2025-12-30",0.80243,{"date":452,"score":285,"percentile":453},"2025-12-31",0.80255,{"date":455,"score":363,"percentile":456},"2026-01-01",0.78263,{"date":458,"score":363,"percentile":459},"2026-01-02",0.78265,{"date":461,"score":363,"percentile":462},"2026-01-03",0.78264,{"date":464,"score":285,"percentile":465},"2026-01-04",0.80242,{"date":467,"score":285,"percentile":468},"2026-01-05",0.80238,{"date":470,"score":285,"percentile":471},"2026-01-06",0.80241,{"date":473,"score":285,"percentile":437},"2026-01-07",{"date":475,"score":285,"percentile":476},"2026-01-08",0.80258,{"date":478,"score":285,"percentile":479},"2026-01-09",0.8026,{"date":481,"score":285,"percentile":479},"2026-01-10",{"date":483,"score":285,"percentile":484},"2026-01-11",0.80252,{"date":486,"score":285,"percentile":487},"2026-01-12",0.80239,{"date":489,"score":285,"percentile":444},"2026-01-13",{"date":491,"score":285,"percentile":492},"2026-01-14",0.80257,{"date":494,"score":285,"percentile":492},"2026-01-15",{"date":496,"score":285,"percentile":497},"2026-01-16",0.80266,{"date":499,"score":285,"percentile":500},"2026-01-17",0.80274,{"date":502,"score":285,"percentile":503},"2026-01-18",0.80267,{"date":505,"score":285,"percentile":479},"2026-01-19",{"date":507,"score":285,"percentile":508},"2026-01-20",0.80259,{"date":510,"score":285,"percentile":503},"2026-01-21",{"date":512,"score":285,"percentile":513},"2026-01-22",0.80275,{"date":515,"score":285,"percentile":516},"2026-01-23",0.80302,{"date":518,"score":285,"percentile":519},"2026-01-24",0.80312,{"date":521,"score":285,"percentile":522},"2026-01-25",0.80303,{"date":524,"score":285,"percentile":516},"2026-01-26",{"date":526,"score":285,"percentile":527},"2026-01-27",0.80305,{"date":529,"score":285,"percentile":530},"2026-01-28",0.80304,{"date":532,"score":285,"percentile":516},"2026-01-29",{"date":534,"score":285,"percentile":516},"2026-01-30",{"date":536,"score":285,"percentile":537},"2026-01-31",0.80308,{"date":539,"score":363,"percentile":540},"2026-02-01",0.78327,[542,549,559],{"source":129,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":543,"cvss_v4_0":9},{"baseScore":544,"baseSeverity":545,"vectorString":546,"impactScore":547,"exploitabilityScore":548},3.3,"LOW","CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C",4.2,1.8,{"source":124,"cvss_v2_0":550,"cvss_v3_0":9,"cvss_v3_1":555,"cvss_v4_0":9},{"baseScore":551,"baseSeverity":9,"vectorString":552,"impactScore":553,"exploitabilityScore":554},6.5,"AV:N/AC:L/Au:S/C:P/I:P/A:P",6.4,8,{"baseScore":122,"baseSeverity":556,"vectorString":125,"impactScore":557,"exploitabilityScore":558},"HIGH",9.8,3.1,{"source":130,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":560,"cvss_v4_0":9},{"baseScore":557,"baseSeverity":9,"vectorString":561,"impactScore":557,"exploitabilityScore":562},"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",10,[564,575,583,596,604],{"ecosystem":9,"name":565,"vendor":566,"product":567,"cpe_part":568,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":569},"debian linux","debian","debian_linux","o",[570,573],{"version":571,"is_range":70,"range_type":572,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"9.0","cpe",{"version":574,"is_range":70,"range_type":572,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"10.0",{"ecosystem":9,"name":576,"vendor":577,"product":576,"cpe_part":568,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":578},"fedora","fedoraproject",[579,581],{"version":580,"is_range":70,"range_type":572,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"33",{"version":582,"is_range":70,"range_type":572,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"34",{"ecosystem":584,"name":585,"vendor":584,"product":585,"cpe_part":9,"purl_type":586,"purl_namespace":9,"purl_name":585,"source":9,"versions":587},"Npm","underscore","npm",[588],{"version":589,"is_range":590,"range_type":591,"version_start":592,"version_start_type":593,"version_end":594,"version_end_type":595,"fixed_in":9},"gte1_3_2_lt1_12_1",true,"semver","1.3.2","including","1.12.1","excluding",{"ecosystem":9,"name":597,"vendor":598,"product":597,"cpe_part":599,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":600},"tenable.sc","tenable","a",[601],{"version":602,"is_range":590,"range_type":572,"version_start":9,"version_start_type":9,"version_end":603,"version_end_type":593,"fixed_in":9},"lte5.18.0","5.18.0",{"ecosystem":9,"name":585,"vendor":605,"product":585,"cpe_part":599,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":606},"underscorejs",[607,609],{"version":608,"is_range":590,"range_type":572,"version_start":592,"version_start_type":593,"version_end":594,"version_end_type":595,"fixed_in":9},"gte1.3.2_lt1.12.1",{"version":610,"is_range":590,"range_type":572,"version_start":611,"version_start_type":593,"version_end":612,"version_end_type":595,"fixed_in":9},"gte1.13.0-0_lt1.13.0-2","1.13.0-0","1.13.0-2"]